Spam: The On-Going Battle

The following was written by one of our senior technicians as an internal communication to one of our clients. It contains a lot of valuable information for anyone who uses email (2.5 billion people worldwide...), and a read-through could help shed light on spam from the perspective of a managed IT provider:

Spam accounts for a staggering 82% of email messages processed by LAN Solutions' mail filter.


Definition
Spam is, by definition, irrelevant or inappropriate messages sent on the Internet to a large number of recipients. It’s a prevalent way to send a large quantity of advertisements for drugs, money scams, malware attacks, phishing attempts, and a slew of other types of solicitations to random people in bulk. It’s cheap to send (no stamps or envelopes are involved), and it’s easy to reach large numbers of people by utilizing systems that are not properly secured or have been compromised. It’s not difficult for an expert spammer to gain access to an improperly secured mail server and use dictionaries of names and domains to create thousands (if not tens of thousands or millions) of emails and fire them across the internet to unsuspecting victims. These are unsolicited bulk emails, as opposed to the mailings and newsletters you might sign up for at your favorite department store, office supply store, or other provider of goods and services.
With that said, I think I’d expand the definition of spam to be irrelevant or inappropriate unsolicited messages sent on the Internet to a large number of recipients.

This month, 4.14% of emails filtered by LAN Solutions contained viruses or malware, over 13,000 emails in total.


The Fight Against
So how is spam prevented or combated? Prevented? Next to impossible. The nature of email, and the origins of many of the underlying designs our email systems are based on, mean that bad email can’t really be prevented from being sent. Add to the equation that there are countless mail servers in the world, and not all of them are secured, maintained, or monitored thoroughly; some are run by less than capable administrators. A system could be set up incorrectly as an “open relay”, accepting all mail for delivery even to mail domains it doesn’t manage. Or a security hole that wasn’t patched could be exploited, and spam is sent regardless of how well managed the server otherwise is. Even your own email user name and password can be compromised, so that legitimate, secured mail servers are used to spam others from your own account.
How is it combated? With mail filters and appliances designed to detect spam and block it. These devices and software packages use databases of patterns and identified spam to classify and rate every email that is received (and sometimes sent) to ensure that spam doesn’t get through. Heuristics, blacklists, reverse DNS, and a multitude of other methodologies are used to further rate and potentially block spam from getting to your inbox.
Results
Is it perfect? Sadly no. No database can contain every possible way that a spammer could spell a word obscurely to beat the filter. Blacklists and reverse DNS checks could affect legitimate systems and block good email as well. A very delicate balance needs to be struck on each and every mail filter to ensure the most spam is being prevented from being delivered while allowing delivery of the most possible good email. Again, never perfect. You could make the rules too lax, at which point 100% of good email gets to you, but so does 5-10% of the spam. Settings could be tightened and 1% of spam gets through, but only 98% of good email gets through. Make the settings really strict and 0% spam makes it through, but only 89% of good email does, and that meeting request for that billion-dollar business deal wasn’t one of them. Whoops. 1% spam is looking better if it means getting those meeting requests.
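The trade-off described above, worked through as an added example (not LAN Solutions' filter and not part of the original letter): a toy scoring filter that combines pattern, blocklist, and reverse-DNS signals and is run over constructed messages at several blocking thresholds. The weights, patterns, and sample messages are assumptions chosen for illustration.

```python
import re

# Constructed sample mail: (label, subject, sender_on_blocklist, reverse_dns_ok)
SAMPLES = [
    ("spam", "Cheap pills, no prescription", True, False),
    ("spam", "You have won the lottery, claim your prize", False, False),
    ("spam", "Ch3ap p1lls shipped today", False, False),  # obscured spelling
    ("spam", "Verify your account password now", True, True),
    ("ham", "Meeting request: contract review Thursday", False, True),
    ("ham", "Invoice for March attached", False, False),  # legit sender, broken rDNS
    ("ham", "Lottery pool for the office party", False, True),
    ("ham", "Quarterly newsletter you signed up for", True, True),  # shared host listed
]

# Hypothetical pattern database and weights (assumptions, not a real product's rules).
PATTERNS = [re.compile(p, re.I)
            for p in (r"cheap pills", r"lottery", r"verify your account")]
W_PATTERN, W_BLOCKLIST, W_NO_RDNS = 3, 4, 2


def score(subject, on_blocklist, rdns_ok):
    """Rate one message: a higher score means more spam-like."""
    s = sum(W_PATTERN for p in PATTERNS if p.search(subject))
    if on_blocklist:
        s += W_BLOCKLIST
    if not rdns_ok:
        s += W_NO_RDNS
    return s


def evaluate(threshold):
    """Block every message scoring >= threshold.

    Returns (spam_delivered, ham_delivered) as counts.
    """
    spam_delivered = ham_delivered = 0
    for label, subject, listed, rdns_ok in SAMPLES:
        if score(subject, listed, rdns_ok) < threshold:
            if label == "spam":
                spam_delivered += 1
            else:
                ham_delivered += 1
    return spam_delivered, ham_delivered


if __name__ == "__main__":
    for t in (6, 5, 3, 2):  # lax -> strict
        spam, ham = evaluate(t)
        print(f"threshold {t}: {spam}/4 spam delivered, {ham}/4 good mail delivered")
```

The obscured-spelling message evades the pattern list entirely and is only stopped at the strictest threshold, which also blocks three of the four legitimate messages.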
Perspective
As indicated previously, it’s not a perfect science. There are a lot of ways to beat the filters, and the cat-and-mouse game has to be waged constantly, much like viruses and antivirus, to ensure the least amount of spam possible. But spam still gets through. Ever wondered how much email is processed and how much spam is handled and good email is delivered?
LAN Solutions provides email spam filtering as a service to our clients. Our mail filter has received 15,233,765 messages this year alone. Of those messages, 12,589,107 (or 82.64%) were classified as spam and blocked, with another 143,936 (1.6%) being infected by viruses. Only 18.36% of messages this year were deemed legitimate and allowed to pass through. This week alone, the mail filter has processed 215,246 messages with 84.29% of them spam, 4.36% of them viruses, and only 24,419 messages (11.34%) actually allowed to be delivered. Staggering numbers when, if all spam was delivered, your Inbox would be filled with messages at a rate of nearly 9-to-1 in favour of viruses and spam today alone. Yikes!
--
Scott Mulroy